Browse Source

Add Helm test for HAProxy

- Added a helm test to test HAProxy's health via kubernetes healthz endpoint.

Change-Id: I0ffba39d4e4245fad69c27f0fcafdcb58fdc9067
Aaron Sheffield 1 year ago
parent
commit
2885218d35

+ 1
- 1
charts/apiserver/templates/etc/_kubernetes-apiserver.yaml.tpl View File

@@ -38,7 +38,7 @@ spec:
38 38
         - {{ . }}
39 39
         {{- end }}
40 40
         - --advertise-address=$(POD_IP)
41
-        - --anonymous-auth=false
41
+        - --anonymous-auth=true
42 42
         - --bind-address=0.0.0.0
43 43
         - --secure-port={{ .Values.network.kubernetes_apiserver.port }}
44 44
         - --insecure-port=0

+ 42
- 0
charts/haproxy/templates/tests/test-haproxy-health.yaml View File

@@ -0,0 +1,42 @@
1
+{{/*
2
+# Copyright (c) 2018 AT&T Intellectual Property. All rights reserved.
3
+#
4
+# Licensed under the Apache License, Version 2.0 (the "License");
5
+# you may not use this file except in compliance with the License.
6
+# You may obtain a copy of the License at
7
+#
8
+#     http://www.apache.org/licenses/LICENSE-2.0
9
+#
10
+# Unless required by applicable law or agreed to in writing, software
11
+# distributed under the License is distributed on an "AS IS" BASIS,
12
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
+# See the License for the specific language governing permissions and
14
+# limitations under the License.
15
+*/}}
16
+{{/*
17
+Test that HAProxy is running and the config is valid */}}
18
+{{- if .Values.manifests.test_haproxy }}
19
+---
20
+apiVersion: v1
21
+kind: Pod
22
+metadata:
23
+  name: "{{ .Release.Name }}-haproxy-test"
24
+  annotations:
25
+    "helm.sh/hook": "test-success"
26
+spec:
27
+  restartPolicy: Never
28
+  containers:
29
+    - name: "{{ .Release.Name }}-haproxy-test"
30
+      env:
31
+        - name: HOST_IP
32
+          valueFrom:
33
+            fieldRef:
34
+              fieldPath: status.hostIP
35
+        - name: 'HAPROXY_URL'
36
+          value: https://$(HOST_IP):{{ .Values.endpoints.health.port }}/{{ .Values.endpoints.health.path }}
37
+      image: {{ .Values.images.tags.test }}
38
+      imagePullPolicy: {{ .Values.images.pull_policy }}
39
+{{ tuple . .Values.pod.resources.test | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
40
+      command: ["/bin/sh", "-c", "wget --no-check-certificate --spider ${HAPROXY_URL}; exit $?"]
41
+...
42
+{{- end }}

+ 16
- 4
charts/haproxy/values.yaml View File

@@ -26,11 +26,9 @@ conf:
26 26
           conf_parts:
27 27
             frontend:
28 28
               - mode tcp
29
-              - option tcpka
30 29
               - bind *:6553
31 30
             backend:
32 31
               - mode tcp
33
-              - option tcpka
34 32
               - option tcp-check
35 33
               - option redispatch
36 34
       kube-system:
@@ -39,11 +37,9 @@ conf:
39 37
           conf_parts:
40 38
             frontend:
41 39
               - mode tcp
42
-              - option tcpka
43 40
               - bind *:2378
44 41
             backend:
45 42
               - mode tcp
46
-              - option tcpka
47 43
               - option tcp-check
48 44
               - option redispatch
49 45
 
@@ -65,8 +61,17 @@ images:
65 61
   tags:
66 62
     anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
67 63
     haproxy: haproxy:1.8.3
64
+    test: busybox:1.28.3
68 65
   pull_policy: "IfNotPresent"
69 66
 
67
+manifests:
68
+  test_haproxy: true
69
+
70
+endpoints:
71
+  health:
72
+    port: 6553
73
+    path: "healthz"
74
+
70 75
 pod:
71 76
   lifecycle:
72 77
     upgrades:
@@ -95,5 +100,12 @@ pod:
95 100
       limits:
96 101
         memory: "256Mi"
97 102
         cpu: "2000m"
103
+    test:
104
+      limits:
105
+        memory: "128Mi"
106
+        cpu: "100m"
107
+      requests:
108
+        memory: "128Mi"
109
+        cpu: "100m"
98 110
 
99 111
 release_group: null

+ 2
- 1
charts/promenade/templates/tests/test-promenade-api.yaml View File

@@ -11,7 +11,8 @@
11 11
 # distributed under the License is distributed on an "AS IS" BASIS,
12 12
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 13
 # See the License for the specific language governing permissions and
14
-# limitations under the License. */}}
14
+# limitations under the License.
15
+*/}}
15 16
 {{/*
16 17
 Test that the API is up and the health endpoint returns a 2XX code */}}
17 18
 {{- if .Values.manifests.test_promenade_api }}

+ 3
- 4
examples/basic/armada-resources.yaml View File

@@ -572,6 +572,7 @@ data:
572 572
   timeout: 600
573 573
   wait:
574 574
     timeout: 600
575
+  test: true
575 576
   upgrade:
576 577
     no_hooks: true
577 578
   values:
@@ -585,11 +586,9 @@ data:
585 586
               conf_parts:
586 587
                 frontend:
587 588
                   - mode tcp
588
-                  - option tcpka
589 589
                   - bind *:6553
590 590
                 backend:
591 591
                   - mode tcp
592
-                  - option tcpka
593 592
                   - option tcp-check
594 593
                   - option redispatch
595 594
           kube-system:
@@ -598,11 +597,9 @@ data:
598 597
               conf_parts:
599 598
                 frontend:
600 599
                   - mode tcp
601
-                  - option tcpka
602 600
                   - bind *:2378
603 601
                 backend:
604 602
                   - mode tcp
605
-                  - option tcpka
606 603
                   - option tcp-check
607 604
                   - option redispatch
608 605
 
@@ -610,6 +607,7 @@ data:
610 607
       tags:
611 608
         anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
612 609
         haproxy: haproxy:1.8.3
610
+        test: busybox:1.28.3
613 611
 
614 612
   source:
615 613
     type: local
@@ -1139,6 +1137,7 @@ data:
1139 1137
   timeout: 600
1140 1138
   wait:
1141 1139
     timeout: 600
1140
+  test: true
1142 1141
   values:
1143 1142
     pod:
1144 1143
       env:

+ 3
- 4
examples/complete/armada-resources.yaml View File

@@ -612,6 +612,7 @@ data:
612 612
   timeout: 600
613 613
   wait:
614 614
     timeout: 600
615
+  test: true
615 616
   upgrade:
616 617
     no_hooks: true
617 618
   values:
@@ -625,11 +626,9 @@ data:
625 626
               conf_parts:
626 627
                 frontend:
627 628
                   - mode tcp
628
-                  - option tcpka
629 629
                   - bind *:6553
630 630
                 backend:
631 631
                   - mode tcp
632
-                  - option tcpka
633 632
                   - option tcp-check
634 633
                   - option redispatch
635 634
           kube-system:
@@ -638,11 +637,9 @@ data:
638 637
               conf_parts:
639 638
                 frontend:
640 639
                   - mode tcp
641
-                  - option tcpka
642 640
                   - bind *:2378
643 641
                 backend:
644 642
                   - mode tcp
645
-                  - option tcpka
646 643
                   - option tcp-check
647 644
                   - option redispatch
648 645
 
@@ -650,6 +647,7 @@ data:
650 647
       tags:
651 648
         anchor: gcr.io/google_containers/hyperkube-amd64:v1.8.6
652 649
         haproxy: haproxy:1.8.3
650
+        test: busybox:1.28.3
653 651
 
654 652
   source:
655 653
     type: local
@@ -1816,6 +1814,7 @@ data:
1816 1814
   timeout: 600
1817 1815
   wait:
1818 1816
     timeout: 600
1817
+  test: true
1819 1818
   values:
1820 1819
     pod:
1821 1820
       env:

+ 1
- 1
promenade/templates/include/utils.sh View File

@@ -234,7 +234,7 @@ spec:
234 234
     kubernetes.io/hostname: ${NODE}
235 235
   containers:
236 236
   - name: noisy
237
-    image: busybox:1.27.1
237
+    image: busybox:1.28.3
238 238
     imagePullPolicy: IfNotPresent
239 239
     command:
240 240
     - /bin/echo

+ 0
- 1
promenade/templates/roles/common/etc/promenade/haproxy/haproxy.cfg View File

@@ -17,7 +17,6 @@ global
17 17
 
18 18
 defaults
19 19
   mode tcp
20
-  option tcpka
21 20
   timeout connect 5000ms
22 21
   timeout client 24h
23 22
   timeout server 24h

+ 1
- 1
promenade/templates/roles/genesis/etc/kubernetes/manifests/bootstrap-armada.yaml View File

@@ -123,7 +123,7 @@ spec:
123 123
       - --advertise-address={{ config['Genesis:ip'] }}
124 124
       - --authorization-mode=Node,RBAC
125 125
       - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
126
-      - --anonymous-auth=false
126
+      - --anonymous-auth=true
127 127
       - --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem
128 128
       - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
129 129
       - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem

+ 1
- 1
promenade/templates/roles/genesis/etc/kubernetes/manifests/kubernetes-apiserver.yaml View File

@@ -19,7 +19,7 @@ spec:
19 19
         - --advertise-address={{ config['Genesis:ip'] }}
20 20
         - --authorization-mode=Node,RBAC
21 21
         - --admission-control=NamespaceLifecycle,LimitRanger,ServiceAccount,PersistentVolumeLabel,DefaultStorageClass,ResourceQuota,DefaultTolerationSeconds
22
-        - --anonymous-auth=false
22
+        - --anonymous-auth=true
23 23
         - --client-ca-file=/etc/kubernetes/apiserver/pki/cluster-ca.pem
24 24
         - --kubelet-certificate-authority=/etc/kubernetes/apiserver/pki/cluster-ca.pem
25 25
         - --kubelet-client-certificate=/etc/kubernetes/apiserver/pki/apiserver.pem

+ 0
- 4
tools/gate/config-templates/bootstrap-armada-config.yaml View File

@@ -564,11 +564,9 @@ data:
564 564
               conf_parts:
565 565
                 frontend:
566 566
                   - mode tcp
567
-                  - option tcpka
568 567
                   - bind *:6553
569 568
                 backend:
570 569
                   - mode tcp
571
-                  - option tcpka
572 570
                   - option tcp-check
573 571
                   - option redispatch
574 572
           kube-system:
@@ -577,11 +575,9 @@ data:
577 575
               conf_parts:
578 576
                 frontend:
579 577
                   - mode tcp
580
-                  - option tcpka
581 578
                   - bind *:2378
582 579
                 backend:
583 580
                   - mode tcp
584
-                  - option tcpka
585 581
                   - option tcp-check
586 582
                   - option redispatch
587 583
 

Loading…
Cancel
Save